svn commit: r437855 - in /struts/struts2/trunk/core/src/main: java/org/apache/struts2/StrutsConstants.java java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java resources/org/apache/struts2/default.properties

Mon, 28 Aug 2006 14:47:16 -0700 

Author: plightbo
Date: Mon Aug 28 14:46:53 2006
New Revision: 437855

URL: http://svn.apache.org/viewvc?rev=437855&view=rev
Log:
allow the switch to be a toggle, defaulted to false

Modified:
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
    
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
(original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
Mon Aug 28 14:46:53 2006
@@ -121,4 +121,7 @@
     
     /** If static content served by the Struts filter should set browser 
caching header properties or not */
     public static final String STRUTS_SERVE_STATIC_BROWSER_CACHE = 
"struts.serve.static.browserCache";
+
+    /** Allows one to disable dynamic method invocation from the URL */
+    public static final String STRUTS_DISABLE_DYNAMIC_METHOD_INVOCATIOn = 
"struts.core.disableDynamicMethodInvocation";
 }

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
 (original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
 Mon Aug 28 14:46:53 2006
@@ -19,6 +19,7 @@
 
 import org.apache.struts2.RequestUtils;
 import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.config.Settings;
 import org.apache.struts2.dispatcher.ServletRedirectResult;
 import org.apache.struts2.util.PrefixTrie;
 
@@ -148,6 +149,8 @@
     static final String REDIRECT_PREFIX = "redirect:";
     static final String REDIRECT_ACTION_PREFIX = "redirect-action:";
 
+    private static boolean disableDyanmicMethodCalls = 
"true".equals(Settings.get(StrutsConstants.STRUTS_SERVE_STATIC_BROWSER_CACHE));
+
     private PrefixTrie prefixTrie = null;
     public DefaultActionMapper() {
         prefixTrie = new PrefixTrie() {
@@ -205,18 +208,22 @@
 
         parseNameAndNamespace(uri, mapping, config);
 
-        handleSpecialParameters(request, mapping);
+        if (!disableDyanmicMethodCalls) {
+            handleSpecialParameters(request, mapping);
+        }
 
         if (mapping.getName() == null) {
             return null;
         }
 
-        // handle "name!method" convention.
-        String name = mapping.getName();
-        int exclamation = name.lastIndexOf("!");
-        if (exclamation != -1) {
-            mapping.setName(name.substring(0, exclamation));
-            mapping.setMethod(name.substring(exclamation + 1));
+        if (!disableDyanmicMethodCalls) {
+            // handle "name!method" convention.
+            String name = mapping.getName();
+            int exclamation = name.lastIndexOf("!");
+            if (exclamation != -1) {
+                mapping.setName(name.substring(0, exclamation));
+                mapping.setMethod(name.substring(exclamation + 1));
+            }
         }
 
         return mapping;

Modified: 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
 (original)
+++ 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
 Mon Aug 28 14:46:53 2006
@@ -71,6 +71,11 @@
 ###            headers)
 struts.serve.static.browserCache=true
 
+### Set this to true if you wish to disable all forms of dynamic method 
invocation
+### via the URL request. This includes URLs like foo!bar.action, as well as 
params
+### like method:bar. See the DefaultActionMapper for more info.
+struts.core.disableDynamicMethodInvocation = false
+
 ### use alternative syntax that requires %{} in most places
 ### to evaluate expressions for String attributes for tags
 struts.tag.altSyntax=true

Reply via email to